On Fri, 2 Feb 2018 16:23:20 +0100
Christian Heimes <christ...@python.org> wrote:
> Hi,
> in PR 3854 [1] Serhiy added blowfish, extended DES and NT-Hash to
> Python's crypt mdodule. I vetoed against addition of the APIs because
> all these hashing algorithms are not state of the art. Their quality
> ranges from old to horribly, horriblye broken beyond any repair.
> Shortly after the PR has landed, I was made aware that glibc has
> deprecated crypt(3) API [2] and favor of an external library called
> libxcrypt [3] from OpenWall Linux. I have patched Python 3.7 [4] to
> support libxcrypt.
> In light of deprecation of crypt(3) glibc function and bad quality of
> hashing algorithms, I'd like to raise the motion to revert 3854 and
> deprecate the crypt module.

Those are two separate proposals.

On the topic of reverting PR #3854, I don't see the point.  Is Blowfish
more fragile than the other algorithms?  If not, it sounds ok to add it.

On the topic of deprecating the crypt module, that doesn't sound like a
good idea right now.  People may need to generate crypt()-compatible
output for various reasons, such as being able to automate system
administration tasks.



Python-Dev mailing list

Reply via email to